/
configure.ac
80 lines (67 loc) · 2.52 KB
/
configure.ac
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
AC_PREREQ([2.60])
AC_INIT([autoharden], [1.0])
AM_INIT_AUTOMAKE([-Wall -Werror foreign])
AC_CONFIG_SRCDIR([src/main.cc])
AC_PROG_CC
AC_PROG_CXX
# We want to check for compiler flag support, but there is no way to make
# clang's "argument unused" warning fatal. So we invoke the compiler through a
# wrapper script that greps for this message.
saved_CC="$CC"
saved_CXX="$CXX"
saved_LD="$LD"
flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
CC="$flag_wrap $CC"
CXX="$flag_wrap $CXX"
LD="$flag_wrap $LD"
# We use the same hardening flags for C and C++. We must check that each flag
# is supported by both compilers.
AC_DEFUN([check_cc_cxx_flag],
[AC_LANG_PUSH(C)
AX_CHECK_COMPILE_FLAG([$1],
[AC_LANG_PUSH(C++)
AX_CHECK_COMPILE_FLAG([$1], [$2], [$3], [-Werror $4])
AC_LANG_POP(C++)],
[$3], [-Werror $4])
AC_LANG_POP(C)])
AC_DEFUN([check_link_flag],
[AX_CHECK_LINK_FLAG([$1], [$2], [$3], [-Werror $4])])
AC_ARG_ENABLE([hardening],
[AS_HELP_STRING([--enable-hardening],
[Enable compiler and linker options to frustrate memory corruption exploits @<:@yes@:>@])],
[hardening="$enableval"],
[hardening="yes"])
HARDEN_CFLAGS=""
HARDEN_LDFLAGS=""
AS_IF([test x"$hardening" != x"no"], [
check_cc_cxx_flag([-fno-strict-overflow], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fno-strict-overflow"])
# This one will likely succeed, even on platforms where it does nothing.
check_cc_cxx_flag([-D_FORTIFY_SOURCE=2], [HARDEN_CFLAGS="$HARDEN_CFLAGS -D_FORTIFY_SOURCE=2"])
check_cc_cxx_flag([-fstack-protector-all],
[check_link_flag([-fstack-protector-all],
[HARDEN_CFLAGS="$HARDEN_CFLAGS -fstack-protector-all"
check_cc_cxx_flag([-Wstack-protector], [HARDEN_CFLAGS="$HARDEN_CFLAGS -Wstack-protector"],
[], [-fstack-protector-all])
check_cc_cxx_flag([--param ssp-buffer-size=1], [HARDEN_CFLAGS="$HARDEN_CFLAGS --param ssp-buffer-size=1"],
[], [-fstack-protector-all])])])
check_cc_cxx_flag([-fPIE],
[check_link_flag([-fPIE -pie],
[HARDEN_CFLAGS="$HARDEN_CFLAGS -fPIE"
HARDEN_LDFLAGS="$HARDEN_LDFLAGS -pie"],
[check_link_flag([-fPIE -Wl,-pie],
[HARDEN_CFLAGS="$HARDEN_CFLAGS -fPIE"
HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-pie"])])])
check_link_flag([-Wl,-z,relro],
[HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,relro"
check_link_flag([-Wl,-z,now], [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,now"])])])
AC_SUBST([HARDEN_CFLAGS])
AC_SUBST([HARDEN_LDFLAGS])
# End of flag tests.
CC="$saved_CC"
CXX="$saved_CXX"
LD="$saved_LD"
AC_CONFIG_FILES([
Makefile
src/Makefile
])
AC_OUTPUT